[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Oct 8 21:11:08 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d4c73413 by security tracker role at 2018-10-08T20:10:55Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2018-18067
+ RESERVED
+CVE-2018-18066 (snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a ...)
+ TODO: check
+CVE-2018-18065 (_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has ...)
+ TODO: check
+CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds stack-memory write during ...)
+ TODO: check
+CVE-2018-18063
+ RESERVED
+CVE-2018-18062
+ RESERVED
+CVE-2018-18061
+ RESERVED
+CVE-2018-18060
+ RESERVED
+CVE-2018-18059
+ RESERVED
+CVE-2018-18058
+ RESERVED
+CVE-2018-18057
+ RESERVED
+CVE-2018-18056
+ RESERVED
+CVE-2018-1000810 (The Rust Programming Language Standard Library version 1.29.0, 1.28.0, ...)
+ TODO: check
+CVE-2018-1000809 (privacyIDEA version 2.23.1 and earlier contains a Improper Input ...)
+ TODO: check
+CVE-2018-1000808 (Python Cryptographic Authority pyopenssl version Before 17.5.0 ...)
+ TODO: check
+CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to version ...)
+ TODO: check
+CVE-2018-1000805 (Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 ...)
+ TODO: check
+CVE-2018-1000804 (contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL ...)
+ TODO: check
+CVE-2018-1000803 (Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability ...)
+ TODO: check
CVE-2018-18055
RESERVED
CVE-2018-18054
@@ -180,8 +218,8 @@ CVE-2018-17979
RESERVED
CVE-2018-17978
RESERVED
-CVE-2018-17977
- RESERVED
+CVE-2018-17977 (The Linux kernel 4.14.67 mishandles certain interaction among XFRM ...)
+ TODO: check
CVE-2018-17976
RESERVED
CVE-2018-17975
@@ -374,8 +412,8 @@ CVE-2018-17891 (Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior ru
NOT-FOR-US: Carestream Vue RIS, RIS Client Builds
CVE-2018-17890
RESERVED
-CVE-2018-17889
- RESERVED
+CVE-2018-17889 (In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior ...)
+ TODO: check
CVE-2018-17888
RESERVED
CVE-2018-17887
@@ -387,6 +425,7 @@ CVE-2018-17885
CVE-2018-17883
RESERVED
CVE-2018-18021 (arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the ...)
+ {DSA-4313-1}
- linux 4.18.10-2
[jessie] - linux <ignored> (arm64 not supported in jessie LTS)
NOTE: https://git.kernel.org/linus/d26c25a9d19b5976b319af528886f89cf455692d
@@ -635,8 +674,8 @@ CVE-2018-17777
RESERVED
CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for ...)
NOT-FOR-US: PCProtect Anti-Virus
-CVE-2018-17775
- RESERVED
+CVE-2018-17775 (Seqrite End Point Security v7.4 has "Everyone: (F)" permission for ...)
+ TODO: check
CVE-2018-17774
RESERVED
CVE-2018-17773
@@ -1338,14 +1377,14 @@ CVE-2018-17445
RESERVED
CVE-2018-17444
RESERVED
-CVE-2018-17443
- RESERVED
-CVE-2018-17442
- RESERVED
-CVE-2018-17441
- RESERVED
-CVE-2018-17440
- RESERVED
+CVE-2018-17443 (An issue was discovered on D-Link Central WiFi Manager before v ...)
+ TODO: check
+CVE-2018-17442 (An issue was discovered on D-Link Central WiFi Manager before v ...)
+ TODO: check
+CVE-2018-17441 (An issue was discovered on D-Link Central WiFi Manager before v ...)
+ TODO: check
+CVE-2018-17440 (An issue was discovered on D-Link Central WiFi Manager before v ...)
+ TODO: check
CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There is a ...)
- hdf5 <undetermined>
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims
@@ -2235,8 +2274,8 @@ CVE-2018-17062 (An issue was discovered in SeaCMS 6.64. XSS exists in admin_vide
NOT-FOR-US: SeaCMS
CVE-2018-17061 (BullGuard Safe Browsing before 18.1.355.9 allows XSS on Google, Bing, ...)
NOT-FOR-US: BullGuard Safe Browsing
-CVE-2018-17060
- RESERVED
+CVE-2018-17060 (Telerik Extensions for ASP.NET MVC (all versions) does not whitelist ...)
+ TODO: check
CVE-2018-17059
RESERVED
CVE-2018-17058
@@ -2915,6 +2954,7 @@ CVE-2018-16759 (The removeXSS function in App/Common/common.php (called from ...
NOT-FOR-US: EasyCMS
CVE-2018-16758
RESERVED
+ {DSA-4312-1 DLA-1538-1}
- tinc 1.0.35-1
NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f
CVE-2018-16757
@@ -2980,6 +3020,7 @@ CVE-2018-16739
RESERVED
CVE-2018-16738
RESERVED
+ {DSA-4312-1}
- tinc 1.0.35-1
[jessie] - tinc <not-affected> (Only affects 1.0.30 to 1.0.34)
NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
@@ -2987,6 +3028,7 @@ CVE-2018-16738
NOTE: in place for the Sweet32 attack in tinc 1.0.30.
CVE-2018-16737
RESERVED
+ {DLA-1538-1}
- tinc 1.0.31-1
NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
CVE-2018-16736 (In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the ...)
@@ -4095,20 +4137,20 @@ CVE-2018-16299 (The Localize My Post plugin 1.0 for WordPress allows Directory .
NOT-FOR-US: Wordpress plugin
CVE-2018-16298 (An issue was discovered in MiniCMS 1.10. There is an ...)
NOT-FOR-US: MiniCMS
-CVE-2018-16297
- RESERVED
-CVE-2018-16296
- RESERVED
-CVE-2018-16295
- RESERVED
-CVE-2018-16294
- RESERVED
-CVE-2018-16293
- RESERVED
-CVE-2018-16292
- RESERVED
-CVE-2018-16291
- RESERVED
+CVE-2018-16297 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+ TODO: check
+CVE-2018-16296 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+ TODO: check
+CVE-2018-16295 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+ TODO: check
+CVE-2018-16294 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+ TODO: check
+CVE-2018-16293 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+ TODO: check
+CVE-2018-16292 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+ TODO: check
+CVE-2018-16291 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+ TODO: check
CVE-2018-16290
RESERVED
CVE-2018-16289
@@ -5021,8 +5063,8 @@ CVE-2018-15905
RESERVED
CVE-2018-15904 (A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before ...)
NOT-FOR-US: A10 ACOS Web Application Firewall
-CVE-2018-15903
- RESERVED
+CVE-2018-15903 (The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored ...)
+ TODO: check
CVE-2018-15902
RESERVED
CVE-2018-15901 (e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing ...)
@@ -6516,6 +6558,7 @@ CVE-2018-15470 (An issue was discovered in Xen through 4.11.x. The logic in oxen
- xen <unfixed> (unimportant)
NOTE: https://xenbits.xen.org/xsa/advisory-272.html
CVE-2018-15471 (An issue was discovered in xenvif_set_hash_mapping in ...)
+ {DSA-4313-1}
- linux 4.18.10-2
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://xenbits.xen.org/xsa/advisory-270.html
@@ -7574,8 +7617,8 @@ CVE-2018-14820
RESERVED
CVE-2018-14819 (Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read ...)
NOT-FOR-US: Fuji Electric V-Server
-CVE-2018-14818
- RESERVED
+CVE-2018-14818 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and ...)
+ TODO: check
CVE-2018-14817 (Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow ...)
NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14816
@@ -7590,8 +7633,8 @@ CVE-2018-14812
RESERVED
CVE-2018-14811 (Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer ...)
NOT-FOR-US: Fuji Electric V-Server
-CVE-2018-14810
- RESERVED
+CVE-2018-14810 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and ...)
+ TODO: check
CVE-2018-14809 (Fuji Electric V-Server 4.0.3.0 and prior, A use after free ...)
NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14808 (Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users ...)
@@ -17836,7 +17879,7 @@ CVE-2018-10920 (Improper input validation bug in DNS resolver component of Knot
NOTE: https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html
NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/2 (including patch)
CVE-2018-10919 (The Samba Active Directory LDAP server was vulnerable to an ...)
- {DSA-4271-1}
+ {DSA-4271-1 DLA-1539-1}
- samba 2:4.8.4+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2018-10919.html
CVE-2018-10918 (A null pointer dereference flaw was found in the way samba checked ...)
@@ -18104,7 +18147,7 @@ CVE-2018-10859 (git-annex is vulnerable to an Information Exposure when decrypti
NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
NOTE: https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
CVE-2018-10858 (A heap-buffer overflow was found in the way samba clients processed ...)
- {DSA-4271-1}
+ {DSA-4271-1 DLA-1539-1}
- samba 2:4.8.4+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2018-10858.html
CVE-2018-10857 (git-annex is vulnerable to a private data exposure and exfiltration ...)
@@ -33637,14 +33680,14 @@ CVE-2018-5404
RESERVED
CVE-2018-5403
RESERVED
-CVE-2018-5402
- RESERVED
-CVE-2018-5401
- RESERVED
-CVE-2018-5400
- RESERVED
-CVE-2018-5399
- RESERVED
+CVE-2018-5402 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App ...)
+ TODO: check
+CVE-2018-5401 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App ...)
+ TODO: check
+CVE-2018-5400 (The Auto-Maskin products utilize an undocumented custom protocol to ...)
+ TODO: check
+CVE-2018-5399 (The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear ...)
+ TODO: check
CVE-2018-5398
RESERVED
CVE-2018-5397
@@ -37262,18 +37305,18 @@ CVE-2018-3999 (An exploitable stack-based buffer overflow vulnerability exists i
TODO: check
CVE-2018-3998 (An exploitable heap-based buffer overflow vulnerability exists in the ...)
TODO: check
-CVE-2018-3997
- RESERVED
-CVE-2018-3996
- RESERVED
+CVE-2018-3997 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+ TODO: check
+CVE-2018-3996 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+ TODO: check
CVE-2018-3995 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
TODO: check
CVE-2018-3994 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
TODO: check
CVE-2018-3993 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
TODO: check
-CVE-2018-3992
- RESERVED
+CVE-2018-3992 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+ TODO: check
CVE-2018-3991
RESERVED
CVE-2018-3990
@@ -37366,18 +37409,18 @@ CVE-2018-3947
RESERVED
CVE-2018-3946 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
TODO: check
-CVE-2018-3945
- RESERVED
+CVE-2018-3945 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+ TODO: check
CVE-2018-3944 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
TODO: check
CVE-2018-3943 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
TODO: check
-CVE-2018-3942
- RESERVED
-CVE-2018-3941
- RESERVED
-CVE-2018-3940
- RESERVED
+CVE-2018-3942 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+ TODO: check
+CVE-2018-3941 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+ TODO: check
+CVE-2018-3940 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
+ TODO: check
CVE-2018-3939 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
NOT-FOR-US: Foxit
CVE-2018-3938 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
@@ -43523,16 +43566,16 @@ CVE-2018-1755 (IBM WebSphere Application Server Liberty could allow a remote att
NOT-FOR-US: IBM
CVE-2018-1754
RESERVED
-CVE-2018-1753
- RESERVED
+CVE-2018-1753 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error ...)
+ TODO: check
CVE-2018-1752
RESERVED
CVE-2018-1751
RESERVED
-CVE-2018-1750
- RESERVED
-CVE-2018-1749
- RESERVED
+CVE-2018-1750 (IBM Security Key Lifecycle Manager 3.0 specifies permissions for a ...)
+ TODO: check
+CVE-2018-1749 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete ...)
+ TODO: check
CVE-2018-1748
RESERVED
CVE-2018-1747
@@ -43543,12 +43586,12 @@ CVE-2018-1745
RESERVED
CVE-2018-1744
RESERVED
-CVE-2018-1743
- RESERVED
-CVE-2018-1742
- RESERVED
-CVE-2018-1741
- RESERVED
+CVE-2018-1743 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive ...)
+ TODO: check
+CVE-2018-1742 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded ...)
+ TODO: check
+CVE-2018-1741 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly ...)
+ TODO: check
CVE-2018-1740
RESERVED
CVE-2018-1739
@@ -106335,8 +106378,8 @@ CVE-2016-7477 (The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11
NOTE: https://blogs.gentoo.org/ago/2016/09/20/libav-null-pointer-dereference-in-ff_put_pixels8_xy2_mmx-rnd_template-c/
CVE-2016-7476 (The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, ...)
NOT-FOR-US: F5 BIG-IP
-CVE-2016-7475
- RESERVED
+CVE-2016-7475 (Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or ...)
+ TODO: check
CVE-2016-7474 (In some cases the MCPD binary cache in F5 BIG-IP devices may allow a ...)
NOT-FOR-US: F5 BIG-IP
CVE-2016-7473
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4c73413efc2111f67a46214b78f28b517f6b611
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4c73413efc2111f67a46214b78f28b517f6b611
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181008/cfa3329b/attachment.html>
More information about the debian-security-tracker-commits
mailing list